Share

The Creepy Genetics Behind the Golden State Killer Case

Information from a geneaology site led detectives to Joseph James DeAngelo, who is accused of committing more than 50 rapes and 12 murders.

Justin Sullivan/Getty Images

For the dozen years between 1974 and 1986, he rained down terror across the state of California. He went by many names: the East Side Rapist, the Visalia Ransacker, the Original Night Stalker, the Golden State Killer. And on Wednesday, law enforcement officials announced they think they finally have his real name: Joseph James DeAngelo. Police arrested the 72-year-old Tuesday; he’s accused of committing more than 50 rapes and 12 murders.

In the end, it wasn’t stakeouts or fingerprints or cell phone records that got him. It was a genealogy website.

FBI

Lead investigator Paul Holes, a retired Contra Costa County District Attorney inspector, told the Mercury News late Thursday night that his team used GEDmatch, a no-frills Florida-based website that pools raw genetic profiles shared publicly by their owners, to find the man believed to be one of California’s most notorious criminals. A spokeswoman for the Sacramento County District Attorney’s Office reached Friday morning would not comment or confirm the report.

GEDmatch—a reference to the data file format GEDCOM, developed by the Mormon church to share genealogical information—caters to curious folks searching for missing relatives or filling in family trees. The mostly volunteer-run platform exists “to provide DNA and genealogy tools for comparison and research services,” the site’s policy page states. Most of its tools for tracking down matches are free; users just have to register and upload copies of their raw DNA files exported from genetic testing services like 23andMe and Ancestry. These two companies don’t allow law enforcement to access their customer databases unless they get a court order. Neither 23andMe nor Ancestry was approached by investigators in this case, according to spokespeople for the companies.

But no court order would be needed to mine GEDmatch’s open-source database of more than 650,000 genetically connected profiles. Using sequence data somehow wrung from old crime scene samples, police could create a genetic profile for their suspect and and upload it to the free site. As the Sacramento Bee first reported, that gave them a pool of relatives who all shared some of that incriminating genetic material. Then they could use other clues—like age and sex and place of residence—to rule out suspects. Eventually the search narrowed down to just DeAngelo. To confirm their suspicions, police staked out his Citrus Heights home and obtained his DNA from something he discarded, then ran it against multiple crime scene samples. They were a match.

“It’s fitting that today is National DNA Day,” said Anne Marie Schubert, the Sacramento district attorney, at a press conference announcing the arrest Wednesday afternoon. A champion of genetic forensics, Schubert convened a task force two years ago to re-energize the cold case with DNA technology. “We found the needle in the haystack, and it was right here in Sacramento.”

After four decades of failure, no one could blame law enforcement officials for celebrating. But the methods they used to track down DeAngelo raise some serious questions about what constitutes due process and civil liberty in a time when commercial DNA testing is becoming more popular than ever.

FBI

DNA evidence has been a cornerstone of forensic science for decades, and rightly so. It’s way more accurate than hair or bite-mark analysis. But the routine DNA tests used by crime labs aren’t anything like what you get if you send your spit to a commercial testing company. Cops look at a panel of 20 regions of repeating locations in the genome that don’t code for proteins. Because those repeating sections vary so much from individual to individual, they’re good for matching two samples—but only if the suspect is already in the criminal databases maintained by US law enforcement. Investigators in the Golden State Killer case had long had DNA, but there was no one in their files with which to match it. And so the case went cold.

Companies like 23andMe and Ancestry, on the one hand, probe the coding regions of DNA, to see what mysteries someone’s genes might be hiding—a heightened risk for cancer, or perhaps a long lost cousin. While those areas may be less prone to variation between individual samples, the number of customers who have received these tests—more than 10 million between both services—means that detectives can triangulate an individual. Maybe even a mass murderer. Thanks to the (biological) laws of inheritance, suspected criminals don’t have to have been tested themselves for bits of their DNA to be caught up in the dragnet of a criminal fishing investigation.

So far, these leaders in the consumer DNA testing space have denied ever turning over any customer genetic data to the police. Not that they haven’t been asked for it. According to the 23andMe’s self-reported data, law enforcement has requested information on a total of five American 23andMe customers. Ancestry’s published transparency reports state that it has provided some customer information—but it was in response to requests related to credit card fraud and identity theft, and none of it was genetic in nature.

Representatives from both companies said that police can’t simply upload a DNA profile they have from old crime scenes and sign up for the company’s services, allowing them to find genetic relatives and compare detailed chromosome segment data. Not because impersonating someone necessarily constitutes a violation of the their terms and conditions—people use fake names and email accounts occasionally to maintain privacy—but because they don’t accept digital files. The database entrance fee is a mandatory three milliliters of saliva.

Cops have found ways around this before. In 2014, a New Orleans filmmaker named Michael Usry was arrested for the 1996 murder of an 18-year-old girl in Idaho Falls, after investigators turned up a “partial match” between semen found on the victim’s body and DNA from Usry’s father. A familial connection they found by sifting through DNA samples donated by Mormon churchgoers, including Usry’s father, for a genealogy project. Ancestry later purchased the database and made the genetic profiles (though not the names associated with them) publicly searchable. A search warrant got them to turn over the identity of the partial match.

After 33 days in police custody a DNA test cleared Michael Usry, and Ancestry has since shuttered the database. But it highlighted two big potential problems with this kind of familial searching. On the other are questions of efficacy—nongovernmental databases, whether public or private, haven’t been vetted for use by law enforcement, even as they’re increasingly being used as crime-fighting tools. More worrying though are the privacy concerns—most people who get their DNA tested for the fun of it don’t expect their genetic code might one day be scrutinized by cops. And people who’ve never been tested certainly don’t expect their genes to turn them into suspects.

Those questions get even thornier as more and more people have their DNA tested and then liberate that information from the walled off databases of private companies. GEDmatch’s policies don’t explicitly ask its users to contemplate the risks the wider network might incur on account of any one individual’s choices. “While the results presented on this site are intended solely for genealogical research, we are unable to guarantee that users will not find other uses,” it states. “If you find the possibility unacceptable, please remove your data from this site.” GEDmatch did not immediately respond to a request for comment

Legal experts say investigators wouldn’t break any laws in accessing a publicly available database like GEDmatch, which exists expressly to map that connectivity. “The tension though is that any sample that gets uploaded also is providing information that could to lead to relatives that either haven’t consented to have their information made public, or even know it’s been done,” says Jennifer Mnookin, dean of the UCLA School of Law and a founder of its program on understanding forensic science evidence. “That’s not necessarily wrong, but it leads to a web of information that implicates a population well beyond those who made a decision themselves to be included.”

That’s the same argument that critics have made against more traditional kinds of forensic familial searches—where a partial DNA match reveals any of a suspect’s relatives already in a criminal database. But those searches are at least regulated, to different extent, by federal and state laws. In California, investigators have to get approval from a state Department of Justice committee to run a familial DNA search through a criminal database, which limits use of the technique to particularly heinous crimes. A similar search on a site like GEDmatch requires no such oversight.

In the case of the Golden State Killer, the distinction doesn’t seem that important. But what if police started using these tools for much lesser crimes? “If these techniques became widely used there’s a risk a lot of innocent people would be caught in a web of genetic suspicion and subject to heightened scrutiny,” says Mnookin. While she’s impressed with the ingenuity of the investigators in this case to track down their suspect, she can’t help but see it as a step toward a genetic surveillance state. “That’s what’s hard about this,” she says. “We don’t have a blood taint in this country. Guilt shouldn’t travel by familial association, whether your brother is a felon or an amateur genealogist.”

More Genetic Informants

Did you know your fingerprints contain traces of DNA? Cops do. But that doesn't mean they always get it right.